I work for: https://www.signalsciences.com/ and our tool is specifically designed for use cases like this. Let me know if you would like more info cody-at-signalsciences-dot-com
For anyone that thinks that programming bootcamps are still worth considering. Why not try a free one: https://www.freecodecamp.com/ Really great student curated content!
Typically physical control is deemed as the game ender. If this is proven to be OS executable it will be a major issue. Many of the Adobe, IE, and other high volume exploit vendors codebase zero-day root exploits would allow one to not only gain access at a root level on a machine, but now also at a much lower level. This level would negate the typical benefits of recovering from a root-level "hack" via HDD erasing or Malware Removal tools or any other method available to even tech-savvy people.
Or... one could actually read the response article:
"This bug has been fixed, the affected keys have been rotated, and we have no evidence that Wes or anybody else accessed any user data. "
Really mining is seen as this hardcore active lifestyle when in reality it is rather sedentary. Typically there are jobs for jr. level positions which are very physically demanding. Afer about 2 years experience most people get "promoted" to driving some sort of heavy machinery. Often these positions are union jobs where the workers can easily dictate the pace at which they work. Typically I could spend 8 hours or more in some sort of seat forklift/haul truck/loader or whatever. This may not be the case in Coal Mines in Kentucky, but as you can tell from the pictures many of the workers in mining are not in peak physical condition.
Even in the positions that were physically demanding your body "adjusts" to the workload and it becomes rather similar to sitting in front of a computer basically you go into periods of "auto-pilot" and then other times it was somewhat mentally demanding.
Most mining operations are heavily automated requiring at least some knowledge of I.ndustrial C.ontrol S.systems ICS/SCADA is somewhat of a programming work flow. If this valve is open turn on this other valve once this sensor is tripped turn off this motor and close this valve. From a very simplistic manner this is similar to binary logic.
At least from what I have experienced infosec is very mentally challenging, but it is not a constant demand there are definitely periods where I am in auto-pilot. The best solution for me having gone to a sedentary work life is to walk to work, drink lots of water at work (make you get up to pee alot) and to take walks at lunch.
Absolutely anecdotal. This article nor myself never stated that "the entire out-of-work blue collar worker population" can or even would want to make the jump. Many of these blue collar workers can move into other industries it just so happens that programming is becoming more of a trade skill than an engineering one. There is currently a demand for highly skilled CS engineers. However, the jobs that do not require CS skill sets per se, but rather require "coding" skills are becoming more abundant.
Really my "coding" skills have helped me in other areas opening my eyes in new ways to automating my skill set. One of the best testaments to this was talked about by Zed Shaw http://learncodethehardway.org/blog/MAY_15_2012.html Basically stating that programming is a supplement to other skill sets. The majority of these programming bootcamps/workshops are geared towards onramping rapidly to jobs that would not typically qualify as engineering positions. These jobs typically require whiteboard interviews, but once you actually get on the job your programming skill set is not nearly as utilized as it was during the interview. While I cannot quantify this supposition it would be really difficult to get a company to admit or supply data stating that they interview for rock stars, but have you do "janitorial" code work in reality.
Where the Bloomberg article most failed is stating that they "cannot" learn to code. Pretending that becoming a developer/engineer/coder requires some minimal level of IQ, even the IQ standard is hotly debated, is ridiculous. Just as any other skill set it just requires dedication and commitment.
After eight years in mining I made the jump to coding. However, my coding quickly changed to infosec. So definitely miners can make this jump. This is highly biased, but I would say that many blue collar workers bring a very different work ethic as compared to other workers in the software industry. Miners especially have a comradery that I have not heard of in other industries. In addition to this 80+ hour work weeks were definitely the norm in many mining industries. This type of work ethic has somewhat set me apart from many of my peers.
Can you cite "all Android devices affected"? Cannot find this particular quote in this or any other article. Also what bug report? I found this article and other articles cited, but no bug report from Google or the researcher as of yet.
The article does state "The vuln being in recent version of Chrome should work on all Android phones;" which is factually correct.
This is a "Chrome" bug in so much as the Chrome browser uses the V8 Javascript engine. However, this particular bug could have other consequences as it is stated in this article and others that the bug in fact occurs in the V8 Javascript Engine which is used in Nodejs, Mongo and others.
What is the logic to responding to security disclosures like this? In the reddit world this is called shit posting. Security bug A affects product B (or c-f) someone always responds at least I use g or h on z! Thus, I am immune from this particular security issue! Genuinely interested in why anyone bothers posting this non-sense.
One thing I really liked about the write-up is the thoroughness that everything was explained. Nothing was assumed. The author explains what burp is why it was used. Broke down the basics in a high level and the touched on the simple things. Showed exploits in multiple frameworks. Really a well done article just from a write-up perspective let alone the impact of the issue.
This seems like trolling, but this line of thought seems very extreme. Not sure where the perceived obsession comes from. People communicate in different ways and assuming that there should be a single refined dump of information is not taking into the account the fact that the people reading the documentation come from completely different backgrounds and technical levels of understanding.
"Submit a pull request before.."
The unofficial documentation and related tutorials are exactly that, unofficial, they are not meant a replacements by any stretch of the imagination for the official documentation. Rather, these forks exist to speak to many different audiences and in some cases, speaking from personal experience, attempting to document and teach others is a very useful tool for personal edification regardless if it is a distraction from the "blessed" documentation.
Would agree with above, but given the evidence of chauvinism in the workplace I would say regardless of the facts this will be seen as sexism. Personally, I think it would be cool to have either a male or a female that was genuinely interested in some of my programming projects.
Motivational employees would help to significantly ease some of the social anxiety of programmers such as my self. Male or female the interaction of genuine interest is at the core of what seems to be lacking here. Typically any "collaborative" or "interest" showed by coworkers or superiors falls into two buckets.
- coworker: "oh that's cool reminds me of the time that I did x" with subtle connotations of why x is better than what you are doing.
- superior: "hmm really interesting, make sure you get this other stuff done before next week" with less subtle connotations of I have no idea what or why you are doing nor do I care as long as you get all your work done.